21 research outputs found

    Machine learning approach for detection of nonTor traffic

    Intrusion detection has attracted considerable interest from researchers and industry. After many years of research, the community still faces the problem of building reliable and efficient intrusion detection systems (IDS) capable of handling large quantities of data with changing patterns in real-time situations. The Tor network is popular for providing privacy and security to end users by anonymizing the identity of internet users connecting through a series of tunnels and nodes. This work identifies two problems: classification of Tor and nonTor traffic, using the UNB-CIC Tor Network Traffic dataset, to expose the activities within Tor traffic that minimize the protection of users; and classification of the Tor traffic flow in the network. This paper proposes a hybrid classifier: an Artificial Neural Network in conjunction with a Correlation feature selection algorithm for dimensionality reduction and improved classification performance. The reliability and efficiency of the proposed hybrid classifier are compared with Support Vector Machine and naïve Bayes classifiers in detecting nonTor traffic in the UNB-CIC Tor Network Traffic dataset. Experimental results show that the hybrid classifier, ANN-CFS, proved a better classifier in detecting nonTor traffic and classifying the Tor traffic flow in the UNB-CIC Tor Network Traffic dataset.

    An Effective Cost-Sensitive Convolutional Neural Network for Network Traffic Classification

    The volume and density of computer network traffic are increasing dramatically with technology advancements, which has led to the emergence of various new protocols. Analyzing the huge data in large business networks has become important for the owners of those networks. The majority of the developed applications need to guarantee the network services, while some traditional applications may work well enough without a specific service level. Therefore, the performance requirements of future internet traffic will increase to a higher level. Increasing pressure on the performance of computer networks requires addressing several issues, such as maintaining the scalability of new service architectures, establishing control protocols for routing, and distributing information to identified traffic streams. The main concern is flow detection and traffic detection mechanisms to help establish traffic control policies. A cost-sensitive deep learning approach for encrypted traffic classification has been proposed in this research to confront the effect of the class imbalance problem on low-frequency traffic data detection. The developed model can attain a high level of performance, particularly for low-frequency traffic data. It outperformed the other traffic classification methods.

    Application-Based Online Traffic Classification with Deep Learning Models on SDN Networks

    Traffic classification based on network applications is an important issue for network management. In this paper, we propose an application-based online and offline traffic classification, based on deep learning mechanisms, over a software-defined network (SDN) testbed. The designed deep learning model, residing in the SDN controller, consists of a multilayer perceptron (MLP), a convolutional neural network (CNN), and a Stacked Auto-Encoder (SAE), in the SDN testbed. We employ an open network traffic dataset with seven most popular applications as the deep learning training and testing datasets. By using the TCPreplay tool, the dataset traffic samples are reproduced and analyzed in our SDN testbed to emulate the online traffic service. The performance analyses, in terms of accuracy, precision, recall, and F1 indicators, are conducted and compared with three deep learning models.

    CDBC: A novel data enhancement method based on improved between-class learning for darknet detection

    With the development of the Internet, people have paid more attention to privacy protection, and privacy protection technology is widely used. However, it also breeds the darknet, which has become a tool that criminals can exploit, especially in the fields of economic crime and military intelligence. Darknet detection is becoming increasingly important; however, darknet traffic is seriously unbalanced. Detection is difficult, and the accuracy of the detection methods needs to be improved. To overcome these problems, we first propose a novel learning method. The method is Chebyshev distance based Between-class learning (CDBC), which can learn the spatial distribution of the darknet dataset and generate "gap data". The gap data can be adopted to optimize the distribution boundaries of the dataset. Second, a novel darknet traffic detection method is proposed. We test the proposed method on the ISCXTor 2016 dataset and the CIC-Darknet 2020 dataset, and the results show that CDBC can help more than 10 existing methods improve accuracy, even up to 99.99%. Compared with other sampling methods, CDBC can also help the classifiers achieve higher recall.

    Cross Dataset Evaluation for IoT Network Intrusion Detection

    With the advent of Internet of Things (IoT) technology, the need to ensure the security of an IoT network has become important. There are several intrusion detection systems (IDS) available for analyzing and predicting network anomalies and threats. However, it is challenging to evaluate them in a way that realistically estimates their performance when deployed. A lot of research has been conducted where the training and testing is done using the same simulated dataset. However, realistically, a network on which an intrusion detection model is deployed will be very different from the network on which it was trained. The aim of this research is to perform a cross-dataset evaluation using different machine learning models for IDS. This helps ensure that a model that performs well when evaluated on one dataset will also perform well when deployed. Two publicly available simulation datasets, IOTID20 and Bot-IoT, created to capture IoT networks for different attacks such as DoS and Scanning, were used for training and testing. Machine learning models applied to these datasets were evaluated within each dataset, followed by cross-dataset evaluation. A significant difference was observed between the results obtained using the two datasets. Supervised machine learning models were built and evaluated for binary classification, to classify between normal and anomaly attack instances, as well as for multiclass classification, to also categorize the type of attack on the IoT network.